Video recording and production done by DockerCon
Running a container app in the container is easy; attaching a custom app to a running container is a bit trickier. But what if I wanted to run any arbitrary binary in any arbitrary running container? Common wisdom says it's impossible. Is it? This talk dives into container internals, just above the kernel surface, and demonstrates that this is, indeed, possible, with a bit of C magic and ptrace.
Linux containers are different from Solaris Zones or BSD Jails: they use discrete kernel features like cgroups, namespaces, SELinux, and more. We will describe those mechanisms in depth, as well as demo how to put them together to produce a container. We will also highlight how different container runtimes compare to each other.
This talk is inspired by the series of blog posts Jessie wrote. This talk will cover running Tor relays in containers, routing all traffic through Tor in a container, running a Tor SOCKS proxy in a container, and lastly running a Docker native networking plugin to route all container traffic through Tor.
DNS-based dynamic service discovery is still an unsolved problem for Docker Swarm. In this talk we will talk about a new open source project by Microsoft: “wagl”, a minimalist DNS service discovery solution built specifically for Docker Swarm clusters. It takes a single command to set up and works out of the box.
wagl is open source at: github.com/ahmetalpbalkan/wagl
wagl allows developers to use domain names such as api.billing.swarm or memcached.swarm:11211 in their applications that are magically resolved into IP addresses of containers spread all over the Swarm cluster.
The session will also review other means of Service Discovery, use cases of Swarm and there will be a demo of creating Docker Swarm Clusters in Azure in just a few clicks.
John’s presentation will cover his lessons learned from running Docker in Production @ SalesforceIQ. Learn how to scale your registry using AWS and S3. Should you use Device Mapper or AUFS? Why run Swarm, Mesos, Kubernetes, or neither? Finally, know how persistent storage (Kafka, Cassandra, or SQL) can be run successfully with Docker in Production.
His team focuses on Docker based solutions to power their SaaS infrastructure and developer operations.
How Docker is used at Gilt: At Gilt we use Docker primarily as a unit of immutability and to allow a standard way of deploying all kinds of software as opposed to its container properties.
Why Gilt built Ionroller: An overview of the problems we tried to solve with Ionroller and immutable deploys. Pitfalls we've encountered with immutable deployments since Ionroller saw adoption in Gilt. Will cover issues such as DNS traffic migration, utilisation of resources, ELBs not warmed up properly, Elasticbeanstalk using Nginx as proxy, etc. Our experiences with Cloudformation and Codedeploy as an alternative to Ionroller and Elasticbeanstalk.
Jobs: How we used to do batch jobs. Solutions we considered such as Mesos and Chronos. An overview of Sundial, an in-house solution we built in the last few months and hope to open source for running containerized Docker jobs on Amazon ECS, and why we chose it as our preferred solution.
In this session, you will learn everything you need to know about Docker security best practices. We will cover how to write clean Dockerfiles and trim down on your base images. We will go over the runtime security settings you can and should apply to your running containers, go over a few examples around monitoring and incident response, and will end up demoing image signing and verification in Docker.
This is a no-slides session, and the console will be the only thing up on the screen.
Testing software is necessary, no matter the size or status of your company. Introducing Docker to your development workflow can help you write and run your testing frameworks more efficiently, so that you can always deliver your best product to your customers and there are no excuses for not writing tests anymore. You’ll walk away from this talk with practical advice for using Docker to run your test frameworks more efficiently, as well as some solid knowledge of software testing principles.
Many companies use expensive proprietary hardware and software to provide load-balancing and routing for their users and services. I'm going to demonstrate how the same or even exceeding performance and feature set can be achieved using an open-source technology which has been a part of the mainline Linux kernel for over a decade – IPVS. Specifically, you'll see how IPVS can be used to automatically configure load balancing and routing for Docker containers using a simple Go daemon and a Docker plugin.
From Hola Mundo to Adiós Barcelona! Our “Gran Final” cannot be missed.
For this last session, we turn the spotlight onto our awesome community to showcase their contributions to Docker. Come see some very cool demos from our Global Hack Day winners and a few other surprises that bend the imagination and push innovation.
In this talk I will briefly show why you might want to live migrate a container, why you might want to avoid doing this and what can be done instead. The main topic of the talk will be to demonstrate why live migrating a container is more complex than live migrating a virtual machine and what can be done with this complexity.
In the recent past there were quite some discussions about security in the context of introducing or using Docker. It is true that there are some gaps to be closed but the whole story does not start from square one either. At Amadeus we are using Docker to build our future-oriented services and to introduce devops culture. Due to the nature of our business we have to deal with security certifications like PCI-DSS, SSAE 16 and ISO 27001. This talk describes the challenges we were facing in that context and how we mastered them. The story has technical and non-technical aspects.
Porting Docker for Windows is no small feat. The technology behind Docker today takes advantage of Linux capabilities like namespaces and cgroups. For native containers to exist on Windows and to have a Docker Engine for Windows, first similar primitives needed to be developed into the Windows operating system. In this session we will explain these Windows primitives in relation to similar primitives in Linux and other architectural changes on the OS and Engine side to make containerization possible. The process of porting includes not only the technology but also open source community interactions and cultural changes to enable this development. And of course there will be a cool demo…
Shipping Manifests, Bill of Lading and Docker - Metadata for Containers
The shipping container metaphor for Docker points to many of the advantages of building and running software using containers. But what about other essential parts of the shipping container ecosystem like the shipping manifest and bill of lading?
Many of the most powerful features of traditional package management tools like apt or yum are based on metadata associated with the packages. You can find out who created a package and when, check where a particular file came from, whether the package has a known vulnerability and more. What would this capability look like for Docker containers?
This talk will look at the power of metadata for containers, in particular:
* Docker provides labels for associating metadata with images and containers but how best to use them?
* What problems can be solved by agreeing on standards for container metadata?
* Exposing standard commands and endpoints to expose metadata about what is inside a container
* Demo some open source tooling and also look at the sort of tools we might build atop those standards and low-level tools.